Subject: Re: Enhancing my firewall/gateway: Adding a DMZ
To: None <firstname.lastname@example.org>
From: Michael Richardson <email@example.com>
Date: 12/21/2002 15:56:30
SCI> I have been running NetBSD for a while now as my firewall. Finally
SCI> the time has come to enhance the firewall to provide for a DMZ. I

First, you have a problem with terminology.

The term DMZ originally meant the wire between your firewall and your
border router - the place that you didn't control, nor did the opposition.

Raptor/Axent/etc, when they added support for a third interface, decided to
abuse the term and call it the "DMZ", and then Checkpoint, who had an equal
lack of clue, adopted it.

The historical term for what I think that you want, is a "service" network -
a place for servers which are visible to the outside world.

In general, one builds that network with routable addresses. If you only
have one address, then I recommend getting more. Or switch ISPs.
I'm serious here.

If you are just building another network that you are going to NAT things
to, then, well... what's the question?

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [